From f994b13c226275f8857fb3dd735799c8648bcdd2 Mon Sep 17 00:00:00 2001
From: Dominick Grift <dominick.grift@defensec.nl>
Date: Tue, 22 Aug 2023 18:36:32 +0200
Subject: termdev: use modern in after for appending macros

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
---
 src/dev/termdev.cil | 33 +++++++++++++++------------------
 1 file changed, 15 insertions(+), 18 deletions(-)

(limited to 'src/dev/termdev.cil')

diff --git a/src/dev/termdev.cil b/src/dev/termdev.cil
index efd5e7a..956cc18 100644
--- a/src/dev/termdev.cil
+++ b/src/dev/termdev.cil
@@ -3,27 +3,9 @@
 
 (block termdev
 
-  (macro appendinherited_all_chr_files ((type ARG1))
-	 (allow ARG1 typeattr appendinherited_chr_file)
-	 (allowx ARG1 typeattr IOCTLCONSOLE)
-	 (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
-	 (allowx ARG1 typeattr IOCTLVT))
-
-  (macro readwriteinherited_all_chr_files ((type ARG1))
-	 (allow ARG1 typeattr readwriteinherited_chr_file)
-	 (allowx ARG1 typeattr IOCTLCONSOLE)
-	 (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
-	 (allowx ARG1 typeattr IOCTLVT))
-
   (macro type ((type ARG1))
 	 (typeattributeset typeattr ARG1))
 
-  (macro writeinherited_all_chr_files ((type ARG1))
-	 (allow ARG1 typeattr writeinherited_chr_file)
-	 (allowx ARG1 typeattr IOCTLCONSOLE)
-	 (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
-	 (allowx ARG1 typeattr IOCTLVT))
-
   (typeattribute typeattr)
 
   (blockinherit .file.all_macro_template_chr_files)
@@ -38,3 +20,18 @@
     (typeattribute typeattr)
 
     (allow typeattr termdev.typeattr (chr_file (not (audit_access execmod))))))
+
+(in after termdev.appendinherited_all_chr_files
+    (allowx ARG1 typeattr IOCTLCONSOLE)
+    (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
+    (allowx ARG1 typeattr IOCTLVT))
+
+(in after termdev.readwriteinherited_all_chr_files
+    (allowx ARG1 typeattr IOCTLCONSOLE)
+    (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
+    (allowx ARG1 typeattr IOCTLVT))
+
+(in after termdev.writeinherited_all_chr_files
+    (allowx ARG1 typeattr IOCTLCONSOLE)
+    (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI)
+    (allowx ARG1 typeattr IOCTLVT))
-- 
cgit v1.2.3